// middlewares/auth.js
const jwt = require('jsonwebtoken');
const { wx, jwtSecret, jwtExpire } = require('../config');

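/**
 * Koa-style middleware that authenticates a request from its
 * `Authorization` header.
 *
 * A leading "Bearer " prefix is stripped and the remainder is verified as a
 * JWT against `jwtSecret`. On success the decoded payload is stored on
 * `ctx.state.user` and the downstream chain runs. On verification failure the
 * response is set to HTTP 401 and `next` is never called.
 *
 * @param {object} ctx - Request context (reads `ctx.headers.authorization`,
 *   writes `ctx.state.user`, `ctx.status`, `ctx.body`).
 * @param {Function} next - Invokes the downstream middleware chain.
 * @returns {Promise<void>}
 */
module.exports = async (ctx, next) => {
  const authHeader = ctx.headers.authorization || '';
  const token = authHeader.replace(/^Bearer\s/, '');

  let decoded;
  try {
    // NOTE(review): no `algorithms` allow-list is passed, so the library
    // derives the accepted algorithms from the key type. Consider pinning
    // the option to the algorithm the token issuer signs with (confirm
    // against the signing code before changing).
    decoded = jwt.verify(token, jwtSecret);
  } catch (err) {
    console.log(err, 'err');

    ctx.status = 401;
    ctx.body = { code: 401, message: '未授权或Token无效' };
    return;
  }

  ctx.state.user = decoded; // inject the verified token payload as the user

  // Deliberately outside the try block: an error thrown by a downstream
  // handler must reach the application's error handling, not be reported to
  // the client as an authentication failure.
  await next();
};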
